Your agent hires a stranger's agent to run a model. Something comes back. Was it the specialist model, or the cheapest available? Did it even run? VCR is the receipt — a 21-field cryptographic proof of what model ran, what went in, what came out, when, and who signed it. Verifiable by anyone without contacting the provider.
21 fields, deterministically serialised. The receipt_id is SHA-256 of the canonical binary encoding — change any field and the hash breaks. Signed with Ed25519 by the provider.
| Field | Type | Purpose |
|---|---|---|
| schema_version | uint16 | Spec version for forward compatibility |
| model_id | bytes32 | SHA-256 of model identifier |
| verification_key_id | bytes32 | Key to retrieve proving circuit/enclave attestation |
| input_hash | bytes32 | SHA-256 of input data (data stays private) |
| output_hash | bytes32 | SHA-256 of output data |
| proof | bytes | ZK proof or TEE attestation document |
| public_inputs | bytes | Public inputs to the verification circuit |
| proving_backend | string | e.g. ezkl-halo2, tee-nitro-v1 |
| timestamp | uint64 | Unix seconds when computation completed |
| parent_receipts | ParentRef[] | SHA-256 links to receipts this built on |
| provenance_depth | uint16 | Longest chain of parent references |
| provider | bytes32 | Ed25519 public key of the operator |
| original_price | uint64 | Price in smallest currency unit |
| currency | string | e.g. USD-cents |
| royalty_terms | struct | provider_royalty, parent_royalty (bps), cascade flag |
| transfer_count | uint16 | How many times this receipt has been transferred |
| signature | bytes | Ed25519 over SHA-256(canonical_bytes) |
| signature_scheme | string | ed25519 |
| extensions | Extension[] | Future-proof key-value pairs |
Every field is encoded as BE32(length) || value. Lists are prefixed with BE32(count). The encoding is deterministic — Python and Rust produce byte-identical output. The receipt_id is simply SHA-256(canonical_bytes).
encode_field(data) = BE32(len(data)) || data
uint16 → BE16 (2 bytes) → encode_field
uint64 → BE64 (8 bytes) → encode_field
string → UTF-8 bytes → encode_field
bytes32 → 32 raw bytes → encode_field
list → BE32(count) || item₀.canonical() || item₁.canonical() || ...A verifier runs five checks against the receipt alone. No network calls, no trusted third party.
Transfers are appended to Merkle trees maintained by independent log servers. Domain-separated hashing prevents second-preimage attacks.
leaf_hash = SHA-256(0x00 || canonical_bytes || BE64(log_timestamp))
node_hash = SHA-256(0x01 || left_child || right_child)
root = recursive construction, odd leaves duplicatedAny entry can be proven to exist in the tree with an inclusion proof — a list of sibling hashes and directions that reconstructs the root:
verify(leaf, path, root):
current = leaf
for (sibling, direction) in path:
if direction == left:
current = H(0x01 || sibling || current)
else:
current = H(0x01 || current || sibling)
return current == rootEach log tracks ownership(receipt_id) → current_owner_key. A transfer is only accepted if from_key matches the current owner. Attempting to transfer a receipt you don't own returns 409 Conflict.
Log servers countersign each other's checkpoints. A checkpoint is 69 bytes:
"tessera-checkpoint-v1" (21B) || BE64(log_size) || root (32B) || BE64(timestamp)Each peer verifies the operator's Ed25519 signature, checks for rollback (log_size must never decrease), and countersigns. The network currently requires 2-of-3 witnesses before publishing a checkpoint.
3 seed nodes on separate infrastructure. Anyone can run a log node and join the witness network.
Receipts reference their parents through SHA-256 hash links. Each parent reference carries a relationship type: input, reference, or aggregation. Change any ancestor and every descendant's hash breaks — the chain is tamper-evident from root to leaf.
Agent B's receipt references Agent A's receipt_id. Agent C references B. The full supply chain is independently verifiable.
No staking, no deposits, no blockchain. Trust is computed from verifiable work history.
trust_quotient = effective_stake / transaction_value
effective_stake = (direct_value + royalty_npv + dependency_value)
× counterparty_diversityAn operator's effective stake combines the total value of their verified receipts, projected royalty income from downstream work, and how many other receipts depend on theirs. Counterparty diversity (EigenTrust-family scoring) prevents sybil gaming — trading with yourself converges your score toward zero.
When a receipt is resold, royalties flow back through the provenance chain. Terms are baked into the canonical hash at creation — they can't be changed after the fact.
provider_cut = sale_price × (provider_royalty / 10000)
parent_cut = sale_price × (parent_royalty / 10000)
split equally among parent_receipts
if cascade=true, recurse into each parentEarly, high-quality work earns from everything built on top of it. The incentive is to produce foundational work, not to race to the bottom on price.
No blockchain. No token. No consensus mechanism. Transparency logs with cross-log witnessing. The same model as Certificate Transparency (RFC 6962), adapted for compute receipts. If a log lies, witnesses catch it. If a log disappears, the Merkle proofs are self-contained.
pip install requests cryptography
curl -sL https://raw.githubusercontent.com/Henry-Shelton/tesseravcr/main/tessera-network/join_network.py | python3 -Generates an Ed25519 keypair, creates a receipt, submits a transfer, gets a Merkle proof back. View source — 120 lines, no magic.
curl -fsSL https://raw.githubusercontent.com/Henry-Shelton/tesseravcr/main/tessera-rust/tessera-log-server/deploy/setup.sh | sudo bashDocker + Caddy on any VPS. Your node witnesses checkpoints from peers automatically. Full guide
# Health check
curl https://log1.tesseravcr.org/v1/health
# Latest checkpoint (signed Merkle root)
curl https://log1.tesseravcr.org/v1/checkpoint
# Get an entry with provenance links
curl https://log1.tesseravcr.org/v1/entry/28
# Merkle inclusion proof for entry 28
curl https://log1.tesseravcr.org/v1/proof/28
# Full receipt with transfer history
curl https://log1.tesseravcr.org/v1/receipt/<receipt_id_hex>| Component | Status | Details |
|---|---|---|
| Spec | Complete | 21 fields, canonical serialisation, test vectors |
| Python reference | Complete | Receipt, transfer, settlement, stake computation |
| Rust implementation | Complete | Byte-identical to Python. 52 tests. |
| Log server | Live | Merkle tree, proofs, witnessing, double-spend detection |
| Seed network | Live | 3 nodes, 2-of-3 witnessing, provenance DAGs persisted |
| SDK wrappers | Planned | LangGraph, CrewAI integration (Phase 3A) |
| Trust enforcement | Tested | Computed in tests, not yet enforced at runtime |
| Payment rails | Deferred | IOUs sufficient for demo. Real money adds compliance. |